What are health service providers?

All organisations that provide a health service and hold health information are covered by the Privacy Act 1988 (Privacy Act), whether or not they are a small business and even if providing a health service is not their primary activity.

Under the Privacy Act a 'health service' includes any activity that involves:

assessing, maintaining or improving a person's physical or psychological health

diagnosing or treating a person's illness, disability or injury

recording a person’s physical or psychological health for the purposes of assessing, maintaining, improving or managing the person’s health

dispensing a prescription drug or medicinal preparation by a pharmacist

where a person’s health cannot be maintained or improved – managing the person’s physical or psychological health

This includes activities that take place in the course of providing aged care, palliative care or care for a person with a disability.

State and territory public hospitals and health services are not covered by the Privacy Act, but may be covered by relevant state or territory legislation. However, the Office of the Australian Information Commissioner (OAIC) may be able to investigate complaints about the handling of healthcare identifiers by state and territory authorities.